betterr quality of protection handling

author: Jeremy Lainé <jeremy.laine@m4x.org> 2012-07-20 07:17:26 +0200
committer: Jeremy Lainé <jeremy.laine@m4x.org> 2012-07-20 07:17:26 +0200
commit: 5cc24eacef39919dabf37a2a384bb5f22db8c262 (patch)
tree: 38ae5320a11d06beb98a71b362ec3067f91d035d
parent: 6618cfaa8cf3e4d1c4df4ea3749d6171b93373bf (diff)
download: qxmpp-5cc24eacef39919dabf37a2a384bb5f22db8c262.tar.gz
2 files changed, 25 insertions, 11 deletions
diff --git a/src/base/QXmppSaslAuth.cpp b/src/base/QXmppSaslAuth.cpp
index 9c21fe86..e913a8d8 100644
--- a/src/base/QXmppSaslAuth.cpp
+++ b/src/base/QXmppSaslAuth.cpp
@@ -158,13 +158,15 @@ bool QXmppSaslClientDigestMd5::respond(const QByteArray &challenge, QByteArray &
         const QByteArray realm = input.value("realm");
 
         // determine quality of protection
-        const QList<QByteArray> qops = input.value("qop").split(',');
-        if (qops.contains("auth")) {
-            m_saslDigest.setQop("auth");
-            m_saslDigest.setCnonce(QXmppSaslDigestMd5::generateNonce());
-            m_saslDigest.setNc("00000001");
+        const QList<QByteArray> qops = input.value("qop", "auth").split(',');
+        if (!qops.contains("auth")) {
+            qWarning("QXmppSaslClientDigestMd5 : Invalid quality of protection");
+            return false;
         }
 
+        m_saslDigest.setQop("auth");
+        m_saslDigest.setCnonce(QXmppSaslDigestMd5::generateNonce());
+        m_saslDigest.setNc("00000001");
         m_saslDigest.setDigestUri(QString("xmpp/%1").arg(server()).toUtf8());
         m_saslDigest.setNonce(input.value("nonce"));
         m_saslDigest.setSecret(QCryptographicHash::hash(
@@ -177,11 +179,9 @@ bool QXmppSaslClientDigestMd5::respond(const QByteArray &challenge, QByteArray &
         if (!realm.isEmpty())
             output["realm"] = realm;
         output["nonce"] = m_saslDigest.nonce();
-        if (!m_saslDigest.qop().isEmpty()) {
-            output["qop"] = m_saslDigest.qop();
-            output["cnonce"] = m_saslDigest.cnonce();
-            output["nc"] = m_saslDigest.nc();
-        }
+        output["qop"] = m_saslDigest.qop();
+        output["cnonce"] = m_saslDigest.cnonce();
+        output["nc"] = m_saslDigest.nc();
         output["digest-uri"] = m_saslDigest.digestUri();
         output["response"] = m_saslDigest.calculateDigest(
             QByteArray("AUTHENTICATE:") + m_saslDigest.digestUri());
diff --git a/tests/sasl.cpp b/tests/sasl.cpp
index db9f8fe1..0de2592b 100644
--- a/tests/sasl.cpp
+++ b/tests/sasl.cpp
@@ -38,13 +38,24 @@ void tst_QXmppSaslClient::testAnonymous()
     QCOMPARE(response, QByteArray());
  
     // any further step is an error
+    QTest::ignoreMessage(QtWarningMsg, "QXmppSaslClientAnonymous : Invalid step");
     QVERIFY(!client->respond(QByteArray(), response));
 
     delete client;
 }
 
+void tst_QXmppSaslClient::testDigestMd5_data()
+{
+    QTest::addColumn<QByteArray>("qop");
+    QTest::newRow("qop-none") << QByteArray();
+    QTest::newRow("qop-auth") << QByteArray(",qop=\"auth\"");
+    QTest::newRow("qop-multi") << QByteArray(",qop=\"auth,auth-int\"");
+}
+
 void tst_QXmppSaslClient::testDigestMd5()
 {
+    QFETCH(QByteArray, qop);
+
     qsrand(0);
     QXmppSaslClient *client = QXmppSaslClient::create("DIGEST-MD5");
     QVERIFY(client != 0);
@@ -59,13 +70,14 @@ void tst_QXmppSaslClient::testDigestMd5()
     QVERIFY(client->respond(QByteArray(), response));
     QCOMPARE(response, QByteArray());
 
-    QVERIFY(client->respond(QByteArray("nonce=\"2530347127\",qop=\"auth\",charset=utf-8,algorithm=md5-sess"), response));
+    QVERIFY(client->respond(QByteArray("nonce=\"2530347127\"") + qop + QByteArray("charset=utf-8,algorithm=md5-sess"), response));
     QCOMPARE(response, QByteArray("charset=utf-8,cnonce=\"AMzVG8Oibf+sVUCPPlWLR8lZQvbbJtJB9vJd+u3c6dw=\",digest-uri=\"xmpp/jabber.ru\",nc=00000001,nonce=2530347127,qop=auth,response=a61fbf4320577d74038b71a8546bc7ae,username=qxmpp1"));
 
     QVERIFY(client->respond(QByteArray("rspauth=d92bf7f4331700c24799cbab364a14b7"), response));
     QCOMPARE(response, QByteArray());
 
     // any further step is an error
+    QTest::ignoreMessage(QtWarningMsg, "QXmppSaslClientDigestMd5 : Invalid step");
     QVERIFY(!client->respond(QByteArray(), response));
 
     delete client;
@@ -90,6 +102,7 @@ void tst_QXmppSaslClient::testFacebook()
     QCOMPARE(response, QByteArray("access_token=123456789012345&api_key=abcdefghijlkmno&call_id=&method=auth.xmpp_login&nonce=AA4EFEE16F2AB64B131EEFFE6EACDDB8&v=1.0"));
 
     // any further step is an error
+    QTest::ignoreMessage(QtWarningMsg, "QXmppSaslClientFacebook : Invalid step");
     QVERIFY(!client->respond(QByteArray(), response));
 
     delete client;
@@ -110,6 +123,7 @@ void tst_QXmppSaslClient::testPlain()
     QCOMPARE(response, QByteArray("\0foo\0bar", 8));
 
     // any further step is an error
+    QTest::ignoreMessage(QtWarningMsg, "QXmppSaslClientPlain : Invalid step");
     QVERIFY(!client->respond(QByteArray(), response));
 
     delete client;
author	Jeremy Lainé <jeremy.laine@m4x.org>	2012-07-20 07:17:26 +0200
committer	Jeremy Lainé <jeremy.laine@m4x.org>	2012-07-20 07:17:26 +0200
commit	5cc24eacef39919dabf37a2a384bb5f22db8c262 (patch)
tree	38ae5320a11d06beb98a71b362ec3067f91d035d
parent	6618cfaa8cf3e4d1c4df4ea3749d6171b93373bf (diff)
download	qxmpp-5cc24eacef39919dabf37a2a384bb5f22db8c262.tar.gz